Re: Redir games with ARP and ICMP

[rhialto () POLDER UBC KUN NL (Olaf Seibert)]

John Goerzen wrote:
> Having anticipated such a problem already (in our envoronment, there are
> many lab machines which have NFS access to user disks on a server.  These
> machines may even be turned OFF which makes it easy for a spoofer to get
> in.), I wrote a short Perl script designed to be run from the system
> startup file.  Basically, it "primes" the ARP cache on Linux with the
> IP and MAC addresses of known machines, setting a flag so that they are
> never removed from the cache and can never be changed.
>
> The config file format is simple -- IP address followed by MAC address,
> separated by whitespace.  Pound at the beginning of a line indicates
> comment.

> This has only been tested on Linux -- people on other platforms may need
> to adjust the parameters to arp in the system call.

Some systems (notably BSD variants) have the arp -f option:

     -f      Causes the file filename to be read and multiple entries to be
             set in the ARP tables.  Entries in the file should be of the form

                   hostname ether_addr [temp] [pub]

             with argument meanings as given above.

-Olaf.
--
___ Olaf 'Rhialto' Seibert      D787B44DFC896063 4CBB95A5BD1DAA96
\X/ It's not easy having a good time    rhialto () polder ubc kun nl